Showing posts with label big data.

Tuesday 19 December 2017

Turnbull Government's data retention privacy blunder just rolls on and on...


“If data can be re-identified with no more than SQL, there's no "if" about a leak, and the "when" is history.” [Journalist Richard Chirgwin, Twitter 18 December 2017]

“But why are medical records so attractive? Well, it turns out that there’s a metaphorical holiday feast of enticing data served up in your average health record. Family history, demographic data, insurance information, medications, etc. means there’s enough information to completely steal an individual’s identity and commit medication fraud, financial fraud, insurance fraud and a wide array of other crimes. When this very private, unchangeable information gets into the wrong hands, devastation can ensue.” [Robert Lord writing in Forbes, 15 December 2017]

First the Australian general public was told that patient data was well protected and that data breaches would not happen as a result of the government's drive to collect, cross-match and retain as much information as possible about every Australian citizen and permanent resident.

Then, when the inevitable day came and poor data security was laid bare, the public was reassured each time. When the personal histories of 550,000 blood donors were placed on an insecure server and accessed, misuse was said to be unlikely. When Medicare card details began to be offered for sale on the dark web, the public was told that personal medical information could not be accessed. And when a billion-line 'de-identified' data set was publicly released with its identifiers carelessly encrypted, the public was told that patients could not really be individually identified.

After that the Turnbull Government assured the population that it would legislate to make it a criminal offence to re-identify de-identified government data, and that it would create a Notifiable Data Breaches scheme.

We were all going to be safe once more in the arms of the Turnbull Government.

Now the cat is out of the bag, because that billion-line data set, 30 years' worth of personal health information about an estimated 3 million people, just won't stay in the back of the ministerial cupboard where Greg Hunt shoved it.

[Fairfax journalist Ben Grubb, Twitter, 18 December 2017]

The Sydney Morning Herald, 18 December 2017:

One in ten Australians' private health records have been unwittingly exposed by the Department of Health in an embarrassing blunder that includes potentially exposing if someone is on HIV medication, whether mothers have had terminations, or if mentally unwell people are seeing psychologists.

A report, published on Monday by Dr Chris Culnane, Dr Benjamin Rubinstein and Dr Vanessa Teague from the University of Melbourne's School of Computing and Information Systems, outlines how de-identified historical health data from the Australian Medicare Benefits Scheme (MBS) and the Pharmaceutical Benefits Scheme (PBS) released to the public in August 2016 can be re-identified using known information about the person to find their record.

The study reveals unique patient records matching the online public information of seven prominent Australians, including three (former or current) MPs and an AFL footballer. While a unique match may not always be accurate, Dr Rubinstein said there was the possibility to improve confidence by cross-referencing other data.

"Because only 10 per cent of Australians are included in the sample data, there can be a coincidental resemblance to someone who isn't included," he said.

"We can improve confidence by cross-referencing with a second dataset of population-wide billing frequencies. We can also examine uniqueness according to the characteristics of commercial datasets we know of, such as bank billing data."…….

Privacy analyst and Lockstep consultant Stephen Wilson said the breach damaged public confidence in health policy makers and data custodians.

"It's a huge breach of trust," he said.

"Promises of 'de-identification' and 'anonymisation' made by health officials, and ABS too in connection with census data releases, have been shown to be erroneous.

"The ability to re-identify patients from this sort of public release is frankly, in my view, catastrophic. Real dangers are posed to patients with socially difficult conditions.

"It beggars belief that any official would promise 'anonymity' any more. These promises cannot be kept."

Computer security researcher Troy Hunt said re-identification of anonymised records was attractive to researchers and nefarious parties alike.

"In this case, clearly more work needs to be done to protect individuals' identities," he said. "My hope is that the government embraces responsible research like this and strives to improve confidentiality rather than penalise those seeking to report deficiencies such as this."

The federal Department of Health was notified about the issue in December last year.

"The Department of Health takes this matter very seriously and had already referred this to the Privacy Commissioner," a Department of Health spokesperson told Fairfax Media......

Meanwhile, the Office of the Australian Information Commissioner, which houses Australia's privacy commissioner, said it was investigating the publication of the datasets.

"The investigation was opened under section 40(2) of the Australian Privacy Act 1988 (Privacy Act) in late September 2016 when the Department of Health notified the OAIC that the datasets were potentially vulnerable to re-identification," a spokesperson said.

"Given the investigation into the Medicare Benefits Scheme (MBS) and Pharmaceutical Benefits Scheme (PBS) datasets is ongoing, we are unable to comment on it further at this time.

However, the commissioner will make a public statement at the conclusion of the investigation."

The OAIC said it continued to work with Australian government agencies to enhance privacy protection in published datasets.....
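What "no more than SQL" looks like in practice. The following is an added illustration, not code from the University of Melbourne report and not a real government extract: it builds a constructed toy billing table (six invented patients, a dozen invented dated claims; the column names are an assumption chosen to resemble a billing extract) and shows the two sides of the problem the article describes. An attacker who knows a target's birth year, gender and the dates of a couple of publicly reported medical events queries for rows consistent with those facts; a custodian who wants to know whether a release is safe runs the same query over every row to measure how many are singled out.

```python
import sqlite3

# Constructed toy extract, NOT the 2016 MBS/PBS release. The columns are an
# assumption chosen to resemble a billing extract: a patient table keyed by a
# pseudonymous id with year of birth and gender, and a service table of dated
# item claims. No real person is represented.
PATIENTS = [
    # (patient_id, year_of_birth, gender)
    (1, 1962, "M"), (2, 1962, "M"), (3, 1962, "M"),
    (4, 1975, "F"), (5, 1975, "F"), (6, 1990, "F"),
]
SERVICES = [
    # (patient_id, service_date, mbs_item)
    (1, "2014-03-12", "23"), (1, "2015-07-01", "105"), (1, "2016-01-20", "23"),
    (2, "2014-03-12", "23"), (2, "2015-09-14", "36"),
    (3, "2013-11-30", "23"), (3, "2015-07-01", "105"),
    (4, "2014-05-05", "16500"), (4, "2014-11-02", "16519"),
    (5, "2014-05-05", "16500"), (5, "2015-02-14", "23"),
    (6, "2016-06-30", "23"),
]


def load(patients=PATIENTS, services=SERVICES):
    """Load the extract into an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE patient(patient_id INTEGER PRIMARY KEY, yob INTEGER, gender TEXT);"
        "CREATE TABLE service(patient_id INTEGER, service_date TEXT, mbs_item TEXT);"
    )
    conn.executemany("INSERT INTO patient VALUES (?, ?, ?)", patients)
    conn.executemany("INSERT INTO service VALUES (?, ?, ?)", services)
    return conn


def candidates(conn, yob, gender, known_dates):
    """Patient ids consistent with what an attacker already knows about the
    target: birth year, gender, and the dates of a few medical events that
    were reported publicly (a birth, an operation, a sports injury)."""
    known_dates = sorted(set(known_dates))
    if not known_dates:
        rows = conn.execute(
            "SELECT patient_id FROM patient WHERE yob = ? AND gender = ? ORDER BY patient_id",
            (yob, gender),
        )
        return [r[0] for r in rows]
    placeholders = ", ".join("?" * len(known_dates))
    # A row matches only if it carries a claim on EVERY known date.
    sql = f"""
        SELECT p.patient_id
        FROM patient p
        WHERE p.yob = ? AND p.gender = ?
          AND (SELECT COUNT(DISTINCT s.service_date) FROM service s
               WHERE s.patient_id = p.patient_id
                 AND s.service_date IN ({placeholders})) = ?
        ORDER BY p.patient_id
    """
    rows = conn.execute(sql, (yob, gender, *known_dates, len(known_dates)))
    return [r[0] for r in rows]


def uniqueness(conn, n_dates):
    """Fraction of patients singled out by (yob, gender) plus their first
    n_dates service dates. This is the check a custodian should run before
    release: as it approaches 1.0 the 'de-identified' rows are identifiers."""
    ids = [r[0] for r in conn.execute("SELECT patient_id FROM patient")]
    unique = 0
    for pid in ids:
        yob, gender = conn.execute(
            "SELECT yob, gender FROM patient WHERE patient_id = ?", (pid,)
        ).fetchone()
        dates = [r[0] for r in conn.execute(
            "SELECT DISTINCT service_date FROM service WHERE patient_id = ? "
            "ORDER BY service_date LIMIT ?", (pid, n_dates))]
        if candidates(conn, yob, gender, dates) == [pid]:
            unique += 1
    return unique / len(ids)


if __name__ == "__main__":
    conn = load()
    # Two public facts about a 1962-born man: a GP visit and a specialist
    # consultation on known dates. The first narrows to two rows, the second
    # to one.
    print(candidates(conn, 1962, "M", ["2014-03-12"]))                # [1, 2]
    print(candidates(conn, 1962, "M", ["2014-03-12", "2015-07-01"]))  # [1]
    for k in range(3):
        print(k, "known dates ->", round(uniqueness(conn, k), 3))
```

On this toy, birth year and gender alone single out one record in six, one known date singles out a third of them, and two known dates single out every record; the real release had far more dates per person, which is why a few facts from a news story were enough. A unique match is still not proof: the release held roughly one in ten Australians, so the target may simply be absent and the lone match a stranger with the same dates, which is the caveat Rubinstein makes above. Cross-referencing a second source, as he describes, is what raises confidence. The custodian's use of the same query is to run `uniqueness` before publication, not after.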

Tuesday 28 November 2017

Australians to own their own banking, energy, phone and internet data? How wonderful! Except.....


Read the news coming out of Canberra…..

Assistant Minister for Cities and Digital Transformation and Liberal MP for Hume Angus Taylor, media release, 26 November 2017:

Australians to own their own banking, energy, phone and internet data

The Turnbull Government will legislate a national Consumer Data Right, allowing customers open access to their banking, energy, phone and internet transactions.

Australians will be able to compare offers, get access to cheaper products and plans to help them ‘make the switch’ and get greater value for money.

Assistant Minister for Cities and Digital Transformation Angus Taylor said it was the biggest reform to consumer law in a generation.

“Government is pursuing the very simple idea that the customer should own their own data. It is a powerful idea and a very important one,” Assistant Minister Taylor said.

“Australians have been missing out because it’s too hard to switch to something better. You may be able to access your recent banking transactions, or compare this quarter’s energy bill to the last, but it sure isn’t quick or easy to work out if you can get a better deal elsewhere.”

The Consumer Data Right was one of 41 recommendations from the Productivity Commission’s Data Availability and Use Inquiry, tabled in parliament in May this year.

The Government’s formal response to the inquiry will be published in coming weeks.

“It won’t be far down the track when you can simply tap your smartphone to switch from one bank to another, to a cheaper internet plan, or between energy companies.

Government is lifting the lid on competition in consumer services and technology is the enabler,” Assistant Minister Taylor said.

Following on from the Prime Minister’s recent agreement with electricity retailers, and the Treasurer’s open banking initiative, the Consumer Data Right will be established sector-by-sector, beginning in the banking, energy and telecommunications sectors.

Utilities will be required to provide standard, comparable, easy-to-read digital information, that third parties can readily access. New Commonwealth legislation to give effect to these reforms will be brought forward in 2018. [my yellow highlighting]

Take a minute to feel good about this.

Then realise that not all of the publicly or privately held digital data retained about you will actually be 'owned' by you.

If anything, it appears that individuals will have a limited, shared right to certain data, and that whatever access they do get will probably attract a fee to view and/or download.

It is also likely that data held about you by the banking, energy, phone and internet sectors will be transferred to third parties even when you would prefer it were not. It may become a condition of changing service providers, since it gives the new provider a wealth of information about you and your credit rating.

It is also highly likely that the new legislation will allow third parties to access, disclose and trade in data sets and/or consumer data without consumers necessarily being made aware that this is occurring.

Eventually the Turnbull Government's consumer data rights along with those third party rights will apply to all sectors, including the insurance industry.

If you are interested in some background reading start with the Australian Productivity Commission’s March 2017 report here.

Saturday 14 October 2017

Political Tweets of the Week




Tuesday 10 October 2017

National ID Database: so you think if you do nothing wrong you'll have nothing to fear?


“There is also a tendency for technologies to converge, allowing for the creation of devices with increased surveillance capabilities. CCTV, for example, may be combined with facial recognition technology….to identify individuals from their images. Another example is modern mobile phones, which combine telephonic services with GPS tracking software, digital visual and sound recording capabilities, and connection to the internet. A consequence of the convergence of surveillance technologies is the greater ability of surveillance users to compile detailed pictures of members of the public, making it increasingly difficult for individuals to maintain their privacy and anonymity.” [Victorian Law Reform Commission – Surveillance in Public Places: Final Report 18, 2010]

This month the Turnbull Government and the state and territory governments agreed to add the photo IDs of all registered drivers to the Facial Biometric Matching Capability (FBMC) database (established 16 November 2016), which already has access to passport photographs, visa application photos, airport surveillance images and arrest ID images from the criminal justice system.

Additional images will probably be harvested from social media and added to this database, which is to be used with CCTV footage of the general population going about their daily lives whenever police and security services consider it necessary. The biometric 'map' of an individual's face created by FBMC can easily be applied to searches of video footage from public venue, shopping centre, street and road cameras, as CCTV systems are now capable of automatically recognising faces, vehicles, animals and bags.

FBMC will involve using a Face Verification Service, Face Identification Service, One Person One Licence Service and Facial Recognition Analysis Utility Service in identity matching, along with the Document Verification Service, Identity Data Sharing Service and/or any other government identity matching or data sharing service and, of course, one of the areas in which it will be used is so-called crime prevention.

Use of this facial recognition database will also be available to authorised private sector agencies and, as with many new tools, function creep is likely, so that photo IDs will be required by more government agencies and private businesses when interacting with individuals in the future.

The Facial Biometric Matching Capability database will function alongside the Biometric Identification Services (BIS) which features national identification capability using fingerprints, palm prints, foot prints and facial recognition, person identity and evidence image case management, image enhancement tools and record auditing, matching services of one to one, one to few, one to many, and many to many, as well as photobook, photo line-up and witness viewing services.

But what’s the worry? After all if you are an ordinary person not committing a crime you have nothing to fear. Right?

Well there is this on the horizon…………..


Criminologists at Monash undertake cutting edge research in the areas of risk and security that is theoretically sophisticated, innovative and highly relevant to areas of pressing national and international concern. The discipline hosts two recipients of the Australian government’s prestigious Future Fellowship Award, Professor Sharon Pickering and Associate Professor Weber, both undertaking programs of research on border policing. Their jointly authored book Globalization and Borders: Death at the Global Frontier was awarded Australia’s most significant criminology publication award in 2013. The Border Crossing Observatory is the online repository of all border-related research undertaken by Monash Criminology and our national and international partners. Criminologists at Monash have received multiple highly competitive Australian Research Council grants to investigate a host of risk and security related topics, amongst them, counter terrorism laws and policing, immigration and exploitive labour practices, deportation, regional security, and the gendered nature of border crossing and transnational law enforcement. Our risk and security research expertise includes the interrelated topics of borders, counter terrorism, state crime, transnational crime, irregular migration, human trafficking, risk and disability, and pre-crime. [my yellow bolding]

What is “pre-crime”?

Put simply, “pre-crime” activity is a crime not yet committed – it is the suspicion that an individual might be capable of breaking an unidentified law at some unspecified time in the future.

Such suspicion does not mean there is a need to charge, prosecute or convict for a specific crime. Intervention at “pre-crime” stage is supposedly risk containment.

You don’t have to be researching bomb-building or Googling how to buy a weapon online to commit a “pre-crime” activity - it can be your thoughts and political opinions spoken aloud or written down, as well as your actions at a public meeting or protest rally.

It can even be allegedly ‘guilty knowledge’ in that you knew the time and place a small environmental activist group was going to confront their local MP or you saw a person painting an anti-government picket sign ahead of a planned street march.

Going to the media – social or mainstream – with a genuine complaint against a government department might be considered a “pre-crime” if you visibly persist in seeking answers, redress or apology. You could easily be labelled "fixated" by police if a government minister takes offence and decides to complain.

If you make a small donation to a group the police or government consider problematic, troublesome or obstructive of the aims of government or big business you may at some time in the future be considered politically partisan and displaying “pre-crime” tendencies.

These are just some of the groups that are already complained about by big business and politicians: Environment Victoria, Wilderness Society (Australia, Victoria & Queensland), Friends of the Earth Australia, Victorian National Parks Association, Australian Conservation Foundation, Lock the Gate Alliance, 350.org Australia, the Nature Conservation Council of NSW, the Australian Youth Climate Coalition, the Australian Marine Conservation Society, Politics in the Pub and GetUp! as well as Greenpeace and Sea Shepherd.

Just belonging to a group or community association which speaks up on matters of social, economic, environmental or political concern could see you being eyed off as part of a potential conspiracy in the making.

In at least one Western country pre-crime can also manifest itself as a suspicion that you have come into a city centre with the intention of having a drink or two and you will be given a 48 hour direction-to-leave order.

With the notion of “pre-crime” there is no presumption of innocence and little more than lip service to due process if any arm of state or federal government decides you are a person of interest.

So how will pre-crime activity be monitored by police and security services? Well one of the methods used will be surveillance and this surveillance may involve use of the Facial Biometric Matching Capability database created by the Turnbull Government.

Surely this couldn’t possibly happen in Australia? you say. Think again. 

We already keep individuals in gaol long after their court-imposed sentence has been fully completed under continuing detention legislation, have preventative detention without charge and control orders which can be applied to both minors and adults, police are known to use spyware to enter, monitor and control home computers and, in certain circumstances your home can be entered and searched without your knowledge by police and security services.

And here in Australia we have a history of unwarranted surveillance based on an individual's political association (1950s Cold War era) and political dissent (1960s & early 1970s Viet Nam War era) as well as virtually unchallenged unlawful use of coercive powers (Border Force 2014 to 2017).

Police and security agencies are constantly pushing for more legislation which would allow amongst other matters the creation of a raft of pre-emptive, punitive measures based solely on suspicion and an individual’s “pre-crime” tendencies.

Right now in Australia governments are all about political and physical control of the population - they are not about human rights, 'civil liberties' or a free, open and democratic society.

As a society Australia has been sliding down that slippery slope towards an authoritarian destination for years now and in 2017 we appear to have reached the bottom of the slope.

“For years, there’s been ample evidence that authoritarian governments around the world are relying on technology produced by American, Canadian, and European companies to facilitate human rights abuses.  From software that enables the filtering and blocking of online content to tools that help governments spy on their citizens, many such companies are actively serving autocratic governments as "repression’s little helper."
The reach of these technologies is astonishingly broad: governments can listen in on cell phone calls, use voice recognition to scan mobile networks, read emails and text messages, censor web pages, track a citizen’s every movement using GPS, and can even change email contents while en route to a recipient. Some tools are installed using the same type of malicious malware and spyware used by online criminals to steal credit card and banking information. They can secretly turn on webcams built into personal laptops and microphones in cell phones not being used. And all of this information is filtered and organized on such a massive scale that it can be used to spy on every person in an entire country.” [Electronic Frontier Foundation, accessed 7 October 2017]

“Australia’s leading privacy and civil liberties organisations condemn the decision by the Council of Australian Governments (COAG) to provide all images from state and territory driver’s licence databases to the federal National Facial Biometric Matching Capability.
The creation of such a comprehensive national facial database is an unnecessary and disproportionate invasion of the privacy rights of all Australians, is the foundation for suspicionless, warrantless mass surveillance and is fundamentally incompatible with a free and open society.

David Vaile, Chair of the Australian Privacy Foundation said, “This government has proven it is blind and deaf to privacy and personal information security threats. Make no mistake – this database will affect all Australians, even the most conscientious and law-abiding. It will likely generate massive ‘false positive’ lists that will flood our very effective police and security services with useless distractions. We’ve already seen calls for ‘scope creep’ to cover welfare enforcement, and there’s every reason to expect this capability will come to be used to identify people with unpaid fines and other minor issues that have nothing whatsoever to do with terrorism.” [Electronic Frontiers Australia, 6 October 2017]

“Every single portion of human rights activism overlaps, manifests or is exercised with the use of technology. That alone caused attackers and adversaries to recognize that technology itself is a good vehicle to get to these people and interfere with them or cause them harm.” [Claudio Guarnieri of Amnesty International quoted in Threatpost at Kaspersky Lab, 4 October 2017]

Thursday 20 July 2017

A new Australian Federal Government super ministry capable of deploying armed soldiers on our streets


“The first question to ask yourself is this: does handing Dutton that power sound like a good idea?” [journalist Katherine Murphy, The Guardian, 18 July 2017]

A new Australian Federal Government super agency capable of deploying armed soldiers on our streets? With a former Queensland police officer of no particular merit as its head?

What could possibly go wrong with a rigid, far-right, professed ‘Christian’ property millionaire having oversight of a super portfolio which would reportedly bring together the Australian Security Intelligence Organisation (ASIO), the Australian Federal Police (AFP), Australian Border Force, the Australian Criminal Intelligence Commission and AUSTRAC, along with a database on ordinary citizens, ‘intellectuals’ and perfectly legal organisations going back literally generations?

How long will it take before any industrial action or protest event would be quickly labelled as terrafret and armed soldiers sent to disperse people exercising their democratic right?

Australia’s been down that painful path before during the last 229 years and been the worse for it.

[Turnbull at Holsworthy Barracks, Forbes Advocate, 17 July 2017]

“The measures I am announcing today will ensure that the ADF is more readily available to respond to terrorism incidents, providing state and territory police with the extra support to call on when they need it.”  
[Prime Minister Malcolm Turnbull, media release, Holsworthy NSW, 17 July 2017]


Malcolm Turnbull has confirmed a dramatic shake-up of Australia's security, police and intelligence agencies that will put Immigration Minister, Peter Dutton, in charge of a sprawling new Home Affairs security portfolio.

The department of Home Affairs will bring together domestic spy agency ASIO, the Australian Federal Police, the Australian Border Force, the Australian Criminal Intelligence Commission, AUSTRAC and the office of transport security and will be put together over the next year.

And Mr Turnbull has also announced the government would, in response to the L'Estrange review of Australia's intelligence agencies, establish an Office of National Intelligence and that the Australian Signals Directorate will also be established as an independent statutory authority.

The new Office of National Intelligence will co-ordinate intelligence policy and is in line with agencies in Australia's "Five Eyes" intelligence partners in the US, Britain, Canada and New Zealand…..

The changes are to be finalised by June 30, 2018 - subject to approval of the National Security Committee of Cabinet - with Mr Dutton to work with Senator Brandis in bedding down the changes.

Senator Brandis will lose responsibility for ASIO under the changes but, crucially, retain sign-off power on warrants for the intelligence agency.

Mr Turnbull said the Attorney-General's oversight of Australia's domestic security and law enforcement agencies would be strengthened, with the Inspector-General of Intelligence and Security and the independent national security legislation monitor moving into his portfolio. 

The Prime Minister said Australia needed these reforms "not because the system is broken, but because our security environment is evolving quickly…..


However that L'Estrange review – part of a routine reassessment of national security arrangements – is understood not to specifically recommend such a super-portfolio.

Mr Turnbull has been dropping strong hints lately that he is inclined to make a significant change, rejecting what he's branded a "set and forget" policy on national security and warning that Australia must keep up with an evolving set of threats from terrorism to foreign political influence.

Security and intelligence agencies themselves are also believed to have concerns about such a change, while some former intelligence heads have publicly said they do not see any need for change.

However, a well-placed source in the intelligence community said a Home Affairs office - as opposed to a US-style Department of Homeland Security - was the preferred option for police and intelligence agencies.

That was because a Home Affairs department would potentially be broader, including agencies such as the Computer Emergency Response Team, the Australian Cyber Security Centre, Crimtrac, the Australian Criminal Intelligence Commission and the new Critical Infrastructure Centre, rather than just police and intelligence agencies.

The Guardian, 18 July 2017:

Peter Jennings, the executive director of the Australian Strategic Policy Institute, put it well on Tuesday when he said any “grit” in the Dutton/Brandis relationship could be problematic for intelligence operations, which is obviously problematic for all of us, given we rely on the efficiency of the counter-terrorism framework to keep us safe.

So we’d better hope for the best, to put it mildly.

We’d also better hope it’s a good use of the time of our intelligence services and public servants to nut out how the Big Idea is going to work in practice, which will be a reasonably complex task, at a time when these folks already have a serious day job.

Recapping that specific day job again: trying to disrupt national security threats, in a complex environment. Pretty busy and important day job, that one.

It’s cartoonish to say this is all about the prime minister rewarding old mate Dutton, on the basis you keep your friends close, and your (potential) enemies closer.

Nothing is ever that simple outside a House of Cards storyboard– although it remains an irrefutable fact that Dutton wanted this to happen, and if Dutton really wanted it to happen, it would have been difficult for Turnbull, in his current position, to say no.
The Australian, 19 July 2017:

The pressure points lie in the risk calculations that link intelligence to response. In a liberal democracy, we rightly demand high certainty of the intention to carry out an act of violence before we are comfortable with our security services pre-emptively taking someone off the streets. Usually when an attack happens, here or in the US or Europe, it’s because the calibration of risk hasn’t worked. It’s not because security services weren’t concerned about an individual’s beliefs and actions or couldn’t find him.

For those of us without access to national security data, the evidence suggests that Australia does these important risk calculations relatively well. Our list of foiled terrorist attacks is quite a bit longer than the list of attacks. The reason for this is the national security structures we have evolved: the combination of separate national security agencies, each with highly developed specialist capabilities and slightly different cultures and perspectives, working in close, 24/7 collaboration.

When calculating risk, separation and diversity are a strength because they build contestation, careful deliberation and stress testing into the system. Britain, the US, France and Belgium have chosen more centralised structures, and the evidence is that their systems do not work as well as ours. Bringing our highly effective agencies into a super-department cannot help but disrupt their inner structures and cultures. Such enterprises inevitably lose sight of the goal — keeping Australians safe — as they become driven by the desire for efficiencies and cultural homogenisation, and the urge for bureaucratic tidiness. Look no further than the creation of the Department of Immigration and Border Protection, a process that has consumed enormous amounts of resources in reconciling two incompatible cultures, with no apparent benefits and a list of embarrassing blunders.

Creating one security super-department places a major imperative on the government to get everything right, first time. Separate but closely collaborating security agencies create a powerful check against underperformance: a struggling agency or a leader who’s not up to it are spotted and called out quickly. But underperformance in a federation-style conglomerate is not so easy to see and to call out. And in the meantime, it’s the safety of Australians that will be the price for underperformance.

If the Turnbull government were serious about national security, it would not engage in evidence-free experimentation with our national security. It should instead be building on what’s working well and making it even stronger. We need better co-ordination and cross agency connectivity, not big-bang organisational redesign.

We should be getting these sorts of issues right in a system that is working, rather than indulging in the risk-riddled gesture politics of a grand restructure.

Michael Wesley is professor of international affairs and dean of the College of Asia and the Pacific at the Australian National University.

Monday 10 July 2017

Would you trust these men with your personal health information? Part Two


Left to Right: Minister for Human Services and Liberal MP for Aston, Alan Tudge
Minister for Health and Liberal MP for Flinders, Greg Hunt

The Guardian, 8 July 2017:
The government found itself facing heavy criticism this week over how it handles Australians’ personal information, after a Guardian investigation revealed a darknet trader was illegally selling the details of any Medicare card holder on request by “exploiting a vulnerability” in a government system.
The data had been for sale since at least October 2016, and the seller appears to have sold the Medicare details of at least 75 Australians…..
“What’s happening is the community is wrapping these attacks together and seeing them as a threat, and it adds to a perception that their data is not safe,” said Australia’s privacy commissioner, Timothy Pilgrim. “All the players need to work out a way to build up that trust.”
But why do these breaches keep happening? And is the government doing everything it can to stop them, and reassure the public when they do happen?
After being alerted by the Guardian to the Medicare breach, the minister took swift action, referring it to the Australian federal police for investigation. Pilgrim welcomed this as an appropriate response…..
The most critical risk to Australians from the misuse of Medicare card data is one of identity fraud. A fake Medicare card with legitimate details can get a criminal a quarter of the way to an entire fake ID. This could then be used by organised crime groups in any number of ways, for example by leasing property or equipment. It could also be used to fraudulently obtain services from Medicare itself.
In this case, the darknet was the vehicle for this particular identity fraud scam. But it didn’t need to be, and it is likely similar, less-sophisticated scams are taking place right now.
Tudge has used an unusual line to explain the breach. He has said it was not a hack or cyber attack, but “traditional criminal activity”. What he’s edging around is that his department believe this was a case of an individual using a legitimate method to access Medicare data – but for an unauthorised and illegal purpose.
But contrary to Tudge’s assertion, access control is very much a matter of cybersecurity. And there are a lot of problems with the way Medicare card details can be obtained.
For instance more than 200,000 individual users can potentially look up Medicare card details through the department’s system. The department has declined to answer whether each access is logged, which could allow it to trace when a particular card was looked up. If those controls aren’t there, it’s unlikely the darkweb vendor selling this data will be found.
It doesn’t mean someone sitting in a doctor’s clinic has been supplying the data. A prospective patient could show up at a GP’s reception, pretending to be someone else, and just ask for that person’s Medicare card details. Guardian Australia has spoken with one employee at a medical practice who said people regularly asked for their card details to be supplied.
Identity fraud using Medicare cards is coming to be seen as a big problem in the government. The human services department acknowledged in February 2016 that there had been 1,500 “probable” cases of Medicare fraud, a jump from 269. The Australian reported that in 2014 the justice minister, Michael Keenan, set out to quantify the scale of Medicare card fraud taking place. A study found Medicare cards and driving licences were the mostly commonly used forms of ID for fraudsters.
The problem appears to be growing worse as the number of people given credentials to access Medicare card details legitimately has increased – jumping 25% in the last financial year – and as organised crime groups grow more sophisticated in their methods.
All of this contributes to the loss of trust….
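The Guardian piece above turns on one control: whether each of the 200,000-plus provider lookups is logged in a way that lets an investigator work back from a card offered for sale to the account that queried it. The following is an added example by the editor, not code from the Guardian, the Department of Human Services or the portal itself. The log format, field names, user ids, IP addresses, names and thresholds are all assumptions constructed for illustration; it shows what a minimal audit trail makes possible (tracing every lookup of one card holder) and the kind of anomaly check (bulk, after-hours lookups from one account) that would surface a "Medicare Machine" style vendor.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit trail for a provider card-lookup portal. The format
# (timestamp | provider user id | source IP | name queried | DOB queried | result),
# the ids, IPs and names are assumptions for this example, not real data.
SAMPLE_AUDIT_LOG = """\
2017-06-12T09:14:02 | prov-10442 | 203.0.113.7  | Jane Citizen | 1980-03-04 | HIT
2017-06-12T09:16:45 | prov-10442 | 203.0.113.7  | Sam Resident | 1975-11-20 | HIT
2017-06-12T14:02:10 | prov-10442 | 203.0.113.7  | Kim Patient  | 1962-01-15 | HIT
2017-06-12T02:03:11 | prov-55819 | 198.51.100.9 | Jane Citizen | 1980-03-04 | HIT
2017-06-12T02:03:40 | prov-55819 | 198.51.100.9 | Alex Example | 1991-07-01 | HIT
2017-06-12T02:04:05 | prov-55819 | 198.51.100.9 | Pat Nobody   | 1988-09-30 | MISS
2017-06-12T02:04:31 | prov-55819 | 198.51.100.9 | Lee Someone  | 1970-05-05 | HIT
2017-06-12T02:05:02 | prov-55819 | 198.51.100.9 | Chris Person | 1983-12-12 | HIT
2017-06-12T11:30:00 | prov-20301 | 192.0.2.44   | Sam Resident | 1975-11-20 | HIT
"""


def parse_audit_log(text):
    """Parse the pipe-separated audit lines into dicts with a real datetime."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, ip, name, dob, result = [f.strip() for f in line.split("|")]
        records.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "ip": ip,
            "name": name,
            "dob": dob,
            "hit": result == "HIT",
        })
    return records


def who_looked_up(records, name, dob):
    """Trace every lookup of one card holder: the check that lets an investigator
    go from a card seen for sale back to the accounts and addresses that queried it."""
    return [(r["ts"].isoformat(), r["user"], r["ip"])
            for r in records if r["name"] == name and r["dob"] == dob]


def flag_anomalous_users(records, max_per_hour=4, business_hours=(7, 20)):
    """Flag accounts whose pattern looks like on-demand bulk lookups rather than a
    clinic serving its own patients: more than max_per_hour lookups inside any
    one-hour span, or lookups outside business_hours. Both thresholds are
    assumptions for the example and would be tuned against real baselines."""
    by_user = defaultdict(list)
    for r in records:
        by_user[r["user"]].append(r)

    flagged = {}
    for user, recs in by_user.items():
        reasons = []
        recs.sort(key=lambda r: r["ts"])
        # Sliding window: count lookups within one hour of each starting record.
        for i, start in enumerate(recs):
            window = [r for r in recs[i:]
                      if (r["ts"] - start["ts"]).total_seconds() < 3600]
            if len(window) > max_per_hour:
                reasons.append(f"{len(window)} lookups within one hour")
                break
        after_hours = [r for r in recs
                       if not business_hours[0] <= r["ts"].hour < business_hours[1]]
        if after_hours:
            reasons.append(f"{len(after_hours)} lookups outside business hours")
        if reasons:
            flagged[user] = reasons
    return flagged


if __name__ == "__main__":
    recs = parse_audit_log(SAMPLE_AUDIT_LOG)
    print(who_looked_up(recs, "Jane Citizen", "1980-03-04"))
    print(flag_anomalous_users(recs))
```

The point of the example is the dependency, not the thresholds: neither function can be written at all unless the portal records who queried which name and date of birth, when, and from where. Without that, the department is left with the position the article describes, a vendor who is unlikely ever to be found.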


Wednesday 5 July 2017

Would you trust these men with your personal health information?


The darknet vendor says they are “exploiting a vulnerability which has a much more solid foundation which means not only will it be a lot faster and easier for myself, but it will be here to stay. I hope, lol.” [The Guardian, 4 July 2017]
Left to Right: Minister for Human Services and Liberal MP for Aston, Alan Tudge
& Minister for Health and Liberal MP for Flinders, Greg Hunt

These two federal politicians have portfolio responsibility for some of the largest government databases in Australia.

One has portfolio responsibility for those sensitive e-health records which are due to be rolled out nationally on an opt-out basis by 2020.

This is how secure your personal information is on their watch…….


The Australian Federal Police is investigating reports Australians' personal Medicare details are being accessed and sold on the dark web, an apparent breach that has been labelled an "internet catastrophe".

According to a Guardian Australia report, an online vendor can pull up the full Medicare card details of any Australian on request — and is selling them for around $30 each — indicating a security hole somewhere in the health system.

Human Services Minister Alan Tudge said the government was taking the matter seriously. 

The sales are reportedly listed on an undisclosed dark web marketplace, in which the vendor claims to be "exploiting a vulnerability" in order to run software that pulls the data. The vendor calls it "the Medicare Machine".

"Leave the first and last name, and DOB of any Australian citizen, and you will receive their Medicare patient details in full", the listing says, adding that the nature of the security hole being utilised means the vendor will be "here to stay".

In a statement, Mr Tudge said any unauthorised access to Medicare card numbers was "of great concern" and his department was also conducting its own investigation. 

Medicare's database was always a honeypot waiting to be exploited once governments embraced data matching, data retention and data sharing with much enthusiasm but little understanding.

Once someone decides they want your Medicare details, ID theft is now just 0.0089 bitcoin away - as is your abusive former spouse/partner or that anonymous stalker or Internet troll that has been making your life a misery.

UPDATE

Anthony Baxter, 4 July 2017:

You supply the person with name, date of birth and gender and around $30 of Bitcoin they'll give you the person's Medicare number. This is pretty bad, as it allows identity thieves to forge them - a Medicare card is usually worth 25 points on the standard 100 point ID check here. The AU govt had no idea this was happening until the journo from The Guardian let them know.

It turns out there's a portal that any health care provider can use to look up Medicare numbers this way. In case you've lost your card or whatever. Likely it's someone who works for one of them selling access, or someone's popped a PC there (more on that to come).

When asked, the relevant government minister (the same guy who presided over the Census fuckup last year (update: I misremembered, that was a different clown), the accidental publishing of PBS data that was poorly deidentified and the ongoing Centrelink robodebt nightmare) claimed it's OK because you can't get access to someone's medical records through the shiny new online electronic health records system with just a Medicare number. Aside from ignoring the ID theft issue there's a liiiiiittle bit of an issue here.

Guess what information you need along with the Medicare number to pull someone's medical records? Did you guess "name, date of birth and gender"? Collect your prize.

According to https://www.itnews.com.au/news/govt-blames-medicare-card-breach-on-traditional-crims-467502 the folks who did the Privacy Impact Assessment on the electronic health records system were told it would be secure because you needed Medicare number as well as name/DOB/gender and weren't told you could use the latter to look up the former.

It Gets Worse.

In theory you can only look up this stuff from a secure endpoint, with a client side certificate installed. Which in practice means maybe 20K PCs scattered across every doctors office in the country. Worse still, many of these client certs were originally sent out via unencrypted email, and a nontrivial number were "lost". And you reckon all or even a significant fraction of these 20K boxes are running modern Windows with up to date patches? Me neither. I can't count the number of times I've been left alone in a room with an unlocked doctor's PC while he went to check something.

It (Incredibly) Gets Even Worse.

They have a Two Factor Auth system which doctors are supposed to use. One of the ways to get the 2FA key is, and I wish I was joking here, email.

So get access to a box running some XP/Win7 version that's ludicrously unpatched that's also logged into the doctors email, collect health care records. Australian government cannot computer.

At the moment the electronic health records thing is opt-in, at some point next year they'll be moving to an opt-out scheme with a window to opt-out. There's an email form here https://myhealthrecord.gov.au/internet/mhr/publishing.nsf/content/home where you can sign up to be notified when the window to opt the hell out is opened and I urge everyone to do so ASAP.


UPDATE

The federal government was warned more than three years ago of security deficiencies surrounding personal Medicare data, with the Department of Human Services told it was not fully complying with spy agency rules.

Questioning the department's ability to keep the data safe from "security threats from external and internal sources", the government auditor made a series of recommendations in April 2014 but it is unclear if they were fully implemented.